Research Article
A Quality of Context-Aware Approach to Access Control in Pervasive Environments
@INPROCEEDINGS{10.1007/978-3-642-01802-2_18, author={Alessandra Toninelli and Antonio Corradi and Rebecca Montanari}, title={A Quality of Context-Aware Approach to Access Control in Pervasive Environments}, proceedings={MobileWireless Middleware, Operating Systems, and Applications. Second International Conference, Mobilware 2009, Berlin, Germany, April 28-29, 2009 Proceedings}, proceedings_a={MOBILWARE}, year={2012}, month={5}, keywords={}, doi={10.1007/978-3-642-01802-2_18} }
- Alessandra Toninelli
Antonio Corradi
Rebecca Montanari
Year: 2012
A Quality of Context-Aware Approach to Access Control in Pervasive Environments
MOBILWARE
Springer
DOI: 10.1007/978-3-642-01802-2_18
Abstract
The widespread diffusion of wireless-enabled portable devices creates novel opportunities for users to share resources anywhere and anytime, but makes access control a crucial issue. User/device mobility and heterogeneity, together with network topology and conditions variability, complicate access control and call for novel solutions to dynamically adapt access decisions to the different operating conditions. Several research efforts have emerged in recent years that propose to exploit to control access to resources based on context visibility and changes. Context-based access control requires, however, to take into account the of context information used to drive access decisions (QoC). Quality of context has in fact a profound impact on the correct behavior of any context-aware access control framework. Using context information with insufficient quality might increase the risk of incorrect access control decisions, thus leading to dangerous security breaches in resource sharing. In this paper we propose a QoC-aware approach to access control for anywhere, anytime resource sharing. The paper describes the design, implementation and evaluation of the Proteus policy framework, which combines two design guidelines to enable dynamic adaptation of policies depending on context changes: context-awareness with QoC guarantees and semantic technologies to allow high-level description of context/policy specification and reasoning about context/policies.